Re: 443 VirtualHost setup yields "Server should be SSL-aware" error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Another question, I see you have SSLProxyEngine On, so I assume your are using it as a Reverse Proxy. Does the backend requires SSL aswell? In that case you will need at least the trusted certificate for the backend's server certificate specified in SSLProxyCACertificateFile.

What version of Apache are you using?

Are you sure Apache have privileges over that directory?


2015-08-04 16:19 GMT-03:00 , , <us.shadow.op@xxxxxxxxx>:
That is correct.

On Tue, Aug 4, 2015 at 1:29 PM, Matias Visbeek
<matias.visbeek@xxxxxxxxxx> wrote:
> Just to be sure, is your example.crt file just the public key of your
> ceritficate in PEM Base64 format?
>
>
> 2015-08-04 15:23 GMT-03:00 <eigenbrais1@xxxxxxxxx>:
>>
>> Apologies, the leading slash was not supposed to be there, just copied
>> a fake file location and forgot to remove it, the full path is defined
>> for the certs:
>> SSLCertificateFile      "/opt/blah/web/apache2/cert/example.crt"
>> SSLCertificateKeyFile   "/opt/blah/web/apache2/cert/example.key"
>> SSLCertificateChainFile
>> "/opt/blah/web/apache2/cert/example-intermediate.crt"
>>
>> Matias, not sure what you mean by "are you sure conditions for
>> IfDefine are met?" If you mean are those levels defined properly etc.
>> then yes, I use those IfDefines several times in the rest of the
>> configuration.
>>
>> On Tue, Aug 4, 2015 at 1:17 PM, Matias Visbeek
>> <matias.visbeek@xxxxxxxxxx> wrote:
>> > Hi,
>> >
>> > I have 2 different theories about what is happening with your code.
>> >
>> > First, this line looks wrong
>> > SSLCertificateFile      "/example.crt"
>> >
>> > Do you have your certificate file in the root directory?
>> > Try changing it for this
>> >
>> > SSLCertificateFile      "example.crt"
>> >
>> > or providing the full path to the file, for example
>> > "/home/user/cert/example.crt" for Linux/UNIX or "C:/cert/ecample.crt"
>> > for
>> > Windows.
>> >
>> > Second, you define your certificate inside IfDefine tags, are you sure
>> > conditions for IfDefine are met?
>> >
>> > Regards,
>> >
>> > Matías
>> >
>> > 2015-08-04 15:02 GMT-03:00 <eigenbrais1@xxxxxxxxx>:
>> >>
>> >> RHEL: 5
>> >> Apache: 2.2.29
>> >>
>> >> Trying to set up a VirtualHost in my 443 configuration
>> >>
>> >>
>> >> ----------------------------------------------------------------------------
>> >> Listen 443 (also tried Listen 443 http)
>> >>
>> >> DocumentRoot    "/www/secure"
>> >>
>> >> NameVirtualHost *:443
>> >>
>> >> <VirtualHost *:443>
>> >>
>> >> <IfDefine leveltest>
>> >> ServerName      test.something.com
>> >> RewriteEngine On
>> >> SSLEngine     On
>> >> SSLProxyEngine on
>> >> ProxyRequests Off
>> >> SSLCertificateFile      "/example.crt"
>> >> SSLCertificateKeyFile   "example.key"
>> >> SSLCertificateChainFile "example-intermediate.crt"
>> >> </IfDefine>
>> >> <IfDefine levelprod>
>> >> RewriteEngine On
>> >> SSLEngine     On
>> >> SSLProxyEngine on
>> >> ProxyRequests Off
>> >> RewriteEngine On
>> >> SSLEngine     On
>> >> SSLProxyEngine on
>> >> ProxyRequests Off
>> >> SSLCertificateFile      "/example.crt"
>> >> SSLCertificateKeyFile   "example.key"
>> >> SSLCertificateChainFile "example-intermediate.crt"
>> >> </IfDefine>
>> >>
>> >> SSLOptions              +StdEnvVars +ExportCertData
>> >> SSLProtocol             ALL -SSLv2 -SSLv3
>> >>
>> >>
>> >>
>> >> -------------------------------------------------------------------------------------
>> >>
>> >> The above results in the following error when trying to start:
>> >> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but has
>> >> no certificate configured [Hint: SSLCertificateFile] ((null):0)
>> >>
>> >> We know that certificate listed works as we are currently using it,
>> >> only difference is we tried including it in a VirtualHost now.
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>> >>
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux